1. Field of the Invention
The present invention relates to a user identification data management scheme in networking computer systems in which a plurality of computer systems are connected through a wide area network, where each computer system is managed independently to limit accesses from an external location under a different management.
2. Description of the Background Art
In conjunction with the downsizing of computer systems and the enrichment of the network environment, the use of computer systems has rapidly expanded into a wide range of fields, and there has been a trend of shifting from centralized systems to distributed systems. For example, terminals or workstations (WS) are installed in an office and utilized for business purposes such as document or spreadsheet production, for technical calculations such as simulations, as CAD for a variety of design purposes, or as a communication system providing electronic mail services.
In addition to the advance in the computer system itself, with the progress and spread of computer network technology, it has become increasingly popular to share resources such as files and printers in an office, to utilize services provided outside an office, and to communicate with the outside of an office.
For instance, a super-computer is installed in an external computer center for the purpose of scientific calculations requiring specialized or high speed processing, and shared by many users. Each user connects his own WS to this super-computer by means of a remote log-in function, transfers data by means of a remote file copy function, requests the super-computer to execute the necessary processing, and receives the processing result on his own WS for storing into a recording medium or displaying at a display.
Also, by utilizing such a computer network environment, a user can hold a WS conference by connecting his or her own WS with other WSs at remote locations, or exchange opinions by means of electronic mail.
The utilization mode of a computer system such as the WS conference or the electronic mail is particularly effective when all the information and processing necessary for the communication are provided on the user's own computer system.
Moreover, there has been progress in graphics technology, file capacity, and multi-media technology. However, the functions of the computer system or the network are still insufficient to match the progress in these fields. For instance, the WS conference system can be effectively utilized for the purpose of transmitting data contents, but its ability to convey information is still insufficient to convey subtle reactions of participants such as facial expressions, or to convey impressiveness on the data transmitting side. Also, in a relatively large scale meeting as in a TV conference system, with the current communication capability and display capability of the WS, each participant can be displayed only very small and at low resolution, such that there arise problems of poor color reproduction and awkward display of movement on a screen.
For this reason, in a conventional scheme (the so-called face-to-face scheme) in which participants are gathered at a prescribed conference room to have discussions, computer systems provided at the conference room are often utilized to provide assistance for the participants. In this case, the computer systems provided at the conference room are normally connected with the computer systems usually utilized by the participants (home systems) through a wide area network.
Here, however, the computer systems provided at the conference room are normally utilized consecutively in a variety of mutually unrelated conferences, so that there are cases in which an account to be registered, such as a user name, a user ID, a password, etc., is set to be a temporary one valid only for each conference. In this case, the participant cannot utilize that computer system before the conference starts or after the conference is over. In addition, in this case, when it is possible for the participant to utilize his home system by remote access from the computer system at the conference room, the user authentication cannot be carried out by the computer system at the conference room, so that it is too risky to allow remote access to the home system freely.
On the other hand, it is also possible to consider a scheme in which a predetermined common account is assigned to each computer system at the conference room in advance such that any participant of the conference can utilize the computer system provided at the conference room. In this case, however, the same account is going to be assigned to participants of different conferences in overlap, so that while access before or after the conference becomes possible, it also becomes possible for a participant to look into files belonging to someone else who is utilizing the same account, which is a problem from a viewpoint of secrecy of data. In addition, as a password of such an account, an easily remembered one is usually employed in view of its public and shared nature, and the use of such an easily remembered password can potentially be disadvantageous from a viewpoint of security.
Furthermore, even when a user attempts to utilize a computer system of his or her own organization from a computer system provided at a different organization, such an access is often prohibited in order to prohibit an improper external access and protect important internal data. Consequently, the user is faced with an inconvenience of not being able to utilize the computer system of his or her own organization freely from an external location.
Thus, when an identical user has user IDs in correspondence to a plurality of computers under different managements, and uses a plurality of computers which are connected through a network while the user moves from a location of one computer to a location of another computer, it has been quite tedious for the user to carry out a procedure to make an access from one computer through another computer, because the system management, especially the user ID management, has been carried out independently at each computer. Moreover, when this procedure is simplified, there arises a problem from a viewpoint of security.
Also, it is a customary rule to set computers under different managements in a state in which the access from the external location through the network is either prohibited or severely limited, so that the user who utilizes a plurality of computers is required to modify the access limitation on the network in order to enable the access to a desired computer every time this user has changed his or her location, and the procedure for this modification and the modification operation required for that purpose have been quite tedious.